Thursday, August 19, 2010

Analysis of a Malware Installation Attempt

Here's the background. Earlier this year, I was in a masters class that was an introduction to the TCP/IP suite of protocols. TCP/IP is, in essence, the backbone of the Internet. It's what allows all computers to talk to all other computers, regardless of whether they're little handheld iPhones or large supercomputers.
Me, I hate theory. I mean I really hate it. So many textbooks provide such dry prose that I have to stand in a monsoon to keep some humidity around me. To help keep my interest, I decided to do a little experiment. A friend's computer had been infected with a virus when she clicked on a link in her Facebook account. Turns out the link was from a friend of hers, whose account had also been infected. My friend's computer was running Windows, and it required several days and a couple hundred dollars to get it fixed. Anyway, I decided to use this as an opportunity to learn something. So, I set up a virtual machine (using VMWare) to create a Windows 7 Professional system. Then, I loaded Kaspersky Anti-virus, created a limited account, and went hunting. I stored a few of the links that were now appearing on her (now infected) Facebook account.
Rather than bore you here with all of the details, here's a short, graphic-laden summary of what transpired. The short answer is that it appears that Windows 7, when run on a limited account, is a much tougher nut to crack than I thought. Considering that I converted to Linux just last year, that's saying something.

Rob, We Need You Back

I've been a follower of Rob Rosenberger for many years. It's been at least ten because I remember reading his work while still living in a townhouse, and that was in 1999. Rob hasn't posted on either his Vmyths site or the SecurityCritics.org site since last year. So far as I'm concerned, Rob was (and remains) the master of biting commentary with respect to computer security and the computer security industry. Finding him looking over your shoulder is similar to finding a "60 Minutes" news crew outside your front door. It's just not something you want to see happen. For example, when he went after Richard Clarke, you could hear the bitch-slap reverberating all across the country.
For those of us on the other side, the receiving side, of his wit and wisdom, it's just the opposite. You hope, nay pray, for him to find someone or something to ridicule. Seriously, to me, reading Rosenberger's insightful analyses was like finding the Rosetta Stone of the anti-virus industry. I could feel my IQ rising with each paragraph I took in.
Which brings me to my point. Rob, we need you back. I mean it. We need you. The seeming rise of botnets and uberhackers and whatnot just screams for someone with the knowledge and, even more importantly, the ability to translate that knowledge for the masses, and that means you. We need someone with the expertise to be able to look past the fluff and spin and exaggerations to be able to say what is BS, and what isn't.
Come back, Rob, when you can. As the ad goes, "We'll leave the light on for ya."